PT-2018-6336 · Synology · Synology Photo Station
Mr_Me
+1
·
Publicado
2018-03-22
·
Atualizado
2019-10-09
·
CVE-2017-16772
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Synology Photo Station versions prior to 6.8.3-3463
Synology Photo Station versions prior to 6.3-2971
Description:
The issue is related to improper input validation in the SYNOPHOTO Flickr MultiUpload function. This allows remote authenticated users to execute arbitrary code via the
prog id parameter.Recommendations:
For versions prior to 6.8.3-3463, update to version 6.8.3-3463 or later.
For versions prior to 6.3-2971, update to version 6.3-2971 or later.
Correção
RCE
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Synology Photo Station